-
December 19th, 2007, 04:18 PM
#1
Junior Member
Newbie Question: Mailserver security
Hi Guys/Gals,
I have a problem with one of my clients; he accuses his ISP of forwarding his email to the competition. So I was wondering what kind of action a hacker needs to take to realize this. I know that nothing is impossible, but is it plausible that this happened to my client?
The ISP assures us that this didn't happen and I tend to believe them. So, to get clear whether the client has another security leak, I need to get a global view of all the possible actions of a hacker, so I can create an overview and search for other possible leakages.
Can somebody help me with this?
Kind regards,
Arbi
Last edited by MrEsco; December 19th, 2007 at 04:20 PM.
Reason: Forgot some line :)
Beware of weird people
-
December 19th, 2007, 06:35 PM
#2
Well I'm sure your [insert someone other than me here] is just paranoid. Leaks are fun to play with and there's probably a bazillion different ways to track 'em down without getting into murky legal waters. I don't know what exactly you're looking for by 'action of a hacker', but I don't think anyone's gonna show you how to hack the Gibson here, if-ya-know-what-I-mean.
But your options all depend on what kind of business your [insert someone other than me here] is in and what the competition could gain by reading the emails. It also helps if you know what type of mail reader the person is using. Outlook? What version? Or is he reading it at Gmail? Or juliosdiscountemail.com? We need details.
btw, what does the esco in your name stand for?
-
December 19th, 2007, 06:45 PM
#3
ISPs don't intercept mail without a court order. OK they log activity but have no idea of what people are doing unless they analyse their logs.
The three likely sources are:
1. A keylogger.
2. Spyware that sends duplicates of e-mails.
3. An insider.
-
December 19th, 2007, 07:05 PM
#4
Originally Posted by nihil
ISPs don't intercept mail without a court order.
Not unless you're AT&T, then you just shotgun everything to the NSA
-
December 19th, 2007, 07:18 PM
#5
What I would do is go to a friend's place. Log on to e-mail using their machine and change the password.
That would resolve the compromised account and insider possibilities.
Then format and reinstall... that will get rid of spyware and most keyloggers.
-
December 19th, 2007, 07:38 PM
#6
Junior Member
Originally Posted by xiphias360
Well I'm sure your [insert someone other than me here] is just paranoid.
That I am sure about.
Originally Posted by xiphias360
I don't know what exactly you're looking for by 'action of a hacker', but I don't think anyone's gonna show you how to hack the Gibson here, if-ya-know-what-I-mean.
It's not the goal of my question to get to the hacking part... I am more interested in information on how I can defuse the situation. And that's why I posted it.
Originally Posted by xiphias360
But your options all depend on what kind of business your [insert someone other than me here] is in and what the competition could gain by reading the emails. It also helps if you know what type of mail reader the person is using. Outlook? What version? Or is he reading it at Gmail? Or juliosdiscountemail.com? We need details.
True, but I was looking more for global answers... I didn't want to bore you with the juicy details... But seriously, as you said, there are about a trillion (I can also make numbers up) ways to get to the emails. I should have specified that I am looking at ways that are currently being "mis"used and what the commonly used ways out there are.
Originally Posted by xiphias360
btw, what does the esco in your name stand for?
It stands for *none of your business*; just kidding, it stands for Escobar. Are you doing some social hacking? I can assure you there is nothing to gain... My secrets are publicly known...
Back to the problem at hand: he's probably using a cheap hosted web-based email system, reading his email online and downloading his email through a POP3 server.
The nature of his business is more focused on knowledge and his specialized network of clients.
I hope this will be enough for a short rundown, without the details, of the commonly used practices...
MrEsco
-
December 19th, 2007, 07:42 PM
#7
Junior Member
Originally Posted by nihil
ISPs don't intercept mail without a court order. OK they log activity but have no idea of what people are doing unless they analyse their logs.
The three likely sources are:
1. A keylogger.
2. Spyware that sends duplicates of e-mails.
3. An insider.
Yep, he changes his passwords frequently, and in the last week he's been using a lot of different computers (that's what he said).
Spyware: yep, it is possible, but we didn't detect any known spyware/trojan...
Yep: that's our main focus, but he claims that there are duplicate emails going around. People quoting his emails (yep, sounds like poetry).
MrEsco
PS: and why the hell am I using "yep" a lot? Might it be a virus?
-
December 19th, 2007, 07:47 PM
#8
Junior Member
Maybe you can tell him to send you mail with a photo from a webserver owned by you.
Then you can add a script that will log all the IPs that download this photo and you'll see whether someone intercepts his mail.
Then you can track the IP that viewed your photo and his mail.
It's my 2nd post so be gentle.
Last edited by lazy13; December 19th, 2007 at 07:54 PM.
-
December 19th, 2007, 07:55 PM
#9
Hmmm,
The nature of his business is more focused on knowledge and his specialized network of clients.
Does he send the same or similar mails to them all? If so, the compromise might be outside of his business, at a client. Is he sure that all his clients are genuine?
Spyware: yep, it is possible, but we didn't detect any known spyware/trojan...
What tools have you used? Remember that conventional AV products are not very good at detecting trojans and spyware, particularly as the spyware may look like a legitimate application.
-
December 19th, 2007, 08:02 PM
#10
No social hacking, just curious. I live in a city called Escondido, right by San Diego. For short we call it Esco.
Well, on to your options. I think the most used technique to find a leak is sending false information and seeing if your suspect picks up on it. This is used by even the most un-tech-savvy of computer users: putting something juicy or interesting in an email, then casually bringing it up later in a conversation and seeing if the suspect lets out more than you have told him.
But if the person is using some cheap online email account you can add an IP/timestamp logger to your emails. Actually, depending on how you use it, it could probably work in the best of online email accounts. Anywho, here's the gist: you make a small Perl CGI script that does the following,
#!/usr/bin/perl
use strict; use warnings;
my $ip = $ENV{REMOTE_ADDR} || 'unknown';             # IP of whoever opens the email
my $ts = scalar localtime;                            # timestamp of the fetch
open(my $log, '>>', 'opens.log') or die "log: $!";    # log file; path is a placeholder
print $log "$ip opened the email at $ts\n";
close($log);
open(my $img, '<', 'photo.gif') or die "image: $!";   # image file; path is a placeholder
binmode $img; local $/; my $data = <$img>;            # slurp the raw image bytes
close($img);
print "Content-Type: image/gif\n\n";                  # CGI header, then the image body
binmode STDOUT; print $data;
This is something I used to use and it works. But today, sites like Gmail automatically block images in emails, just like Outlook, unless the user clicks a link to show the images. So if that's the case, you can create an email where the main focus is the data in some graph or other interesting image that would cause the user to download the image.
I had a pretty nice program back in the day. I modified my .htaccess so that .gif extensions were associated with CGI scripts (just to add to the realness) and I used sendmail to alert me whenever the image was triggered, as well as logging everything to a file.
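A worked version of the canary-image idea from posts #8 and #10, added here as an example; it is not code from the thread. It assumes a hypothetical host canary.example.invalid, a placeholder SECRET, and constructed recipient labels and addresses. Two things the posts leave implicit are built in: every copy of the mail gets its own unguessable image URL (an HMAC of a recipient label), so a fetch can be tied to the copy that leaked rather than just "someone opened it", and the log is checked against the addresses the legitimate reader is known to use. The caveat a practitioner wants: webmail services that proxy images fetch them on the reader's behalf, so the recorded IP may be the proxy's; the per-copy token, the User-Agent and the number and timing of fetches for one copy still show whether a second reader exists.

```python
"""Canary image logger: one unguessable image URL per copy of a mail, a log of
who fetches it, and a check for fetches from addresses the recipient does not use."""
import base64
import datetime
import hashlib
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

# Assumed values for this example, not from the thread: a server-side secret
# and the base URL of the host that serves the canary images.
SECRET = b"replace-with-a-long-random-secret"
BASE_URL = "https://canary.example.invalid/img"

# Smallest valid transparent 1x1 GIF (43 bytes), served to every fetch.
PIXEL_GIF = base64.b64decode(
    "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"
)


def make_token(recipient: str, secret: bytes = SECRET) -> str:
    """Per-copy token: truncated HMAC-SHA256 of the recipient label, URL-safe."""
    mac = hmac.new(secret, recipient.encode(), hashlib.sha256).digest()[:12]
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def build_canaries(recipients):
    """Return (token -> recipient table kept server-side, recipient -> URL to embed)."""
    table = {make_token(r): r for r in recipients}
    urls = {r: f"{BASE_URL}/{t}.gif" for t, r in table.items()}
    return table, urls


def parse_token(path: str):
    """Extract the token from a request path like '/img/<token>.gif'; None otherwise."""
    name = urlparse(path).path.rsplit("/", 1)[-1]
    return name[:-4] if name.endswith(".gif") and len(name) > 4 else None


def record_hit(table, path, remote_addr, user_agent, when=None):
    """Build a log record for one fetch, or None if the token is unknown (a forged
    or guessed URL must not be mistaken for a leaked copy)."""
    recipient = table.get(parse_token(path))
    if recipient is None:
        return None
    when = when or datetime.datetime.now(datetime.timezone.utc)
    return {"time": when.isoformat(), "recipient": recipient,
            "ip": remote_addr, "ua": user_agent}


def suspicious_hits(hits, expected_ips):
    """Fetches from addresses that are not in the recipient's known set.
    expected_ips: {recipient: {ip, ...}}. Remember that a webmail image proxy
    puts its own address here, so compare User-Agent and hit counts as well."""
    return [h for h in hits if h["ip"] not in expected_ips.get(h["recipient"], set())]


class CanaryHandler(BaseHTTPRequestHandler):
    table = {}              # token -> recipient, filled in before serving
    logfile = "canary.log"  # placeholder path for the JSON-lines log

    def do_GET(self):
        hit = record_hit(self.table, self.path, self.client_address[0],
                         self.headers.get("User-Agent", ""))
        if hit is None:
            self.send_error(404)
            return
        with open(self.logfile, "a") as f:
            f.write(json.dumps(hit) + "\n")
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(PIXEL_GIF)))
        self.send_header("Cache-Control", "no-store")  # every open must re-fetch
        self.end_headers()
        self.wfile.write(PIXEL_GIF)


if __name__ == "__main__":
    # Constructed labels: one copy for the client himself, one per contact he mails.
    CanaryHandler.table, urls = build_canaries(["self", "partner-a"])
    for recipient, url in urls.items():
        print(f"embed in the copy sent to {recipient}: {url}")
    HTTPServer(("0.0.0.0", 8080), CanaryHandler).serve_forever()
```

Embed each recipient's URL as an <img> in that recipient's copy only, then read canary.log: a fetch for the "self" token from an address and User-Agent the client never uses, or two fetches of one copy minutes apart from different networks, is the evidence the thread is after.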